General
-
Target
sougou-38x-1.exe.vir
-
Size
156.4MB
-
Sample
231015-my9q9sff38
-
MD5
d8ee374bbdbe39affe04d40082637045
-
SHA1
ac52f1809cad5004cf1a58062ef057eee3d9b1f8
-
SHA256
a112fed4be5f1a03eed60982ab3aee94107d89b9a02e525324db16f7dc67f58c
-
SHA512
8f7ae0f8cd25f2715cc4fcf9b4a114bc1a36394fbfd688c1d8cbeb3b1009f0dd178acdc86a1df76ed6fdafa715ca0e864b9b1835927b76a652ff35c51da0da38
-
SSDEEP
3145728:nBtajzICVV+xvKE2S0YtEtZuXrX60bvGWkX6s4xP7NzEC:nBtMIkov92S0+ELuXrX6QGW5s4xP7NzF
Malware Config
Targets
-
-
Target
sougou-38x-1.exe.vir
-
Size
156.4MB
-
MD5
d8ee374bbdbe39affe04d40082637045
-
SHA1
ac52f1809cad5004cf1a58062ef057eee3d9b1f8
-
SHA256
a112fed4be5f1a03eed60982ab3aee94107d89b9a02e525324db16f7dc67f58c
-
SHA512
8f7ae0f8cd25f2715cc4fcf9b4a114bc1a36394fbfd688c1d8cbeb3b1009f0dd178acdc86a1df76ed6fdafa715ca0e864b9b1835927b76a652ff35c51da0da38
-
SSDEEP
3145728:nBtajzICVV+xvKE2S0YtEtZuXrX60bvGWkX6s4xP7NzEC:nBtMIkov92S0+ELuXrX6QGW5s4xP7NzF
Score10/10-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload
-
Gh0st RAT payload
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
UAC bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
1